Site Navigation

Date:      Fri, 12 Mar 2021 23:29:39 +0900 (JST)
From:      3226388001 <3226388001@jcom.home.ne.jp>
To:        freebsd-users-jp <freebsd-users-jp@freebsd.org>
Subject:   [FreeBSD-users-jp 96716] Re:  =?iso-2022-jp?b?GyRCIVYbKEJ2NhskQiVXJWklORsoQiAbJEI4R0RqGyhC?= =?iso-2022-jp?b?SVAbJEIlNSE8JVMlOSFXJEckThsoQklQSVAbJEIlSCVzJU0layROGyhC?= =?iso-2022-jp?b?GyRCQF9EaiROO0VKfRsoQg==?=
Message-ID:  <202103121429.12CETcC6087205@freebsd.domain.local>
In-Reply-To: <CANtk6Sg7%2BpzbvkmSnSJpf52k=nc0LMKfQVN-73Jbtvqwibp5Cg@mail.gmail.com>
References:  <20210305.235106.1002415398090318509.take@kasaneiro.jp> <CANtk6Sg7%2BpzbvkmSnSJpf52k=nc0LMKfQVN-73Jbtvqwibp5Cg@mail.gmail.com>

---

next in thread | previous in thread | raw e-mail | index | archive | help

---

$BDL$j$9$,$j$N<T$G$9!#(B

$BIaCJ$OKX$I$3$N%a!<%k%s%0%j%9%H$OFI$s$G$$$J$$$N$G$9$,!"(B
$B6vA3K\7o$r8+$+$1$^$7$F!&!&(B

$BK\Bj!J!V(Bv6$B%W%i%9(B $B8GDj(BIP$B%5!<%S%9!W!K$G$OL5$+$C$?$h$&$G$9$,!"(B
$B!V(Bv6$B%W%i%9!W$NJ}$N$3$A$i!'(B

> (3) MAP-E$BJ}<0$KBP1~$9$k$h$&!"(BFreeBSD $B$N(B NAT $B<~$j$K<j$rF~$l$k(B

$B?tG/A0$K8D?ME*$K<j$rF~$l$F;HMQ$7$F$$$kJ*$,$"$j$^$9$N$G!"(B
$B$b$7$+$7$?$i1~MQ$G$-$kJ}$,$$$i$C$7$c$k$+$b$7$l$J$$$H;W$$!"(B
$B$4;29M$^$G$K>pJs$rE=$i$;$FD:$-$^$9!#(B

$B"(8D?ME*MQES$J$N$GHFMQ2=$O$7$F$*$i$:!"(B

$B!!!&3dEv$F%"%I%l%9$K1~$8$?%Q%i%a!<%?$r@_Dj$H%Q%C%AFb$KKd$a9~$`I,MW$,$"$j!"(B
$B!!!!$3$NJU$j(B($BNc(B)$B$r;29M$KCM$r5a$a$kI,MW$,$"$j$^$9(B:
$B!!!!!!(Bhttps://gato.intaa.net/archives/13173
$B!!!!!!(Bhttp://ipv4.web.fc2.com/map-e.html

$B!!!&(Bipfw nat$B$r;HMQ$7$F$$$^$9$,!"$=$NCf$N(B"same_ports"$B%9%$%C%A$r(B
$B!!!!(BMAP-E$BF0:n$X$N@ZBX%9%$%C%A$KE>MQ$7$F$$$^$9!#(B

$B"(?tG/4V<BMQ$7$F$$$?$b$N$,%Y!<%9$G$9$,!"(B
$B!!:#2sEj9FMQ$K@_Dj$NCj>]2=$H%Q%C%A$N;EN)$FD>$7$r$7$F$$$k$N$G!"(B
$B!!8m$j$,$"$C$?$j$7$?$i$4$a$s$J$5$$!#(B



** /etc/rc.conf **
ifconfig_<v6plusIF>_ipv6="inet6 accept_rtadv"
ifconfig_<v6plusIF>_alias0="inet6 <CE IPv6 240b:xxxxxxxx> prefixlen 64"

ifconfig_gif0="inet6 tunnel <CE IPv6 240b:xxxxxxxx> <PEERADDR 2404:xxxxxxxx> prefixlen 64 mtu 1460 up"
ifconfig_gif0_alias0="inet <CE IPv4 $B%"%I%l%9(B> <CE IPv4 $B%"%I%l%9(B> netmask 255.255.255.255"


** ipfw$B%k!<%k(B **

kldload ipfw_nat
kldload ipfw_pmod
sysctl net.inet.ip.fw.one_pass=0

MAP_E_MYIP=<CE IPv4 $B%"%I%l%9(B>

ipfw nat 100 config ip ${MAP_E_MYIP} same_ports deny_in

00100 allow ip from any to any via lo0
  :
      skipto 20000 ip6 from any to any via <v6plusIF>
  :
      reass ip from any to any in
      allow icmp from any to any in icmptypes 8
      allow icmp from any to any out icmptypes 0
      skipto 10000 ip from any to any via gif0
  :

10000 check-state :gif_nat
      tcp-setmss 14xx tcp from any to any tcpflags syn
  :

15000 nat 100 ip from any to any keep-state :gif_nat
      allow ip from any to any

20000 check-state :ip6_flow
  :
      allow ipencap from <CE IPv6 240b:xxxxxxxx> to <PEERADDR 2404:xxxxxxxx> out
      allow ipencap from <PEERADDR 2404:xxxxxxxx> to <CE IPv6 240b:xxxxxxxx> in
  :
      deny ip from any to any


** $B%G%U%)%k%H%k!<%H@_Dj(B **
route delete 0.0.0.0
route add 0.0.0.0 -interface gif0



$B0J2<!"%Q%C%A!J(Breleng/12.2$B!K(B->
Index: sys/netinet/libalias/alias_db.c
===================================================================
--- sys/netinet/libalias/alias_db.c	(revision 369447)
+++ sys/netinet/libalias/alias_db.c	(working copy)
@@ -570,6 +570,14 @@
    another link concurrently.  This is because GetNewPort() looks for
    unused triplets: (dest addr, dest port, alias port). */
 
+#define MAPE_IPV6_PREFIX (0x240bxxxxxxxxxxxxL) $B"((BIPv6 $B%W%l%U%#%C%/%9!?(B64
+#define MAPE_PSID ((int)((MAPE_IPV6_PREFIX >> 8) & 0xff))
+static int convertToMapE( int v ){
+       v = (v % 0xf0) + 0x10;
+       v = ((v & 0xf0) << 8) | (MAPE_PSID<<4) | (v & 0x0f);
+       return v;
+}
+
 static int
 GetNewPort(struct libalias *la, struct alias_link *lnk, int alias_port_param)
 {
@@ -577,6 +585,7 @@
 	int max_trials;
 	u_short port_sys;
 	u_short port_net;
+	int mape_flag = 0;
 
 	LIBALIAS_LOCK_ASSERT(la);
 /*
@@ -603,8 +612,10 @@
 			 * this is already in use, the remainder of the
 			 * trials will be random.
 			 */
+			mape_flag = 1;
 			port_net = lnk->src_port;
 			port_sys = ntohs(port_net);
+			max_trials = 240 + GET_NEW_PORT_MAX_ATTEMPTS;
 		} else {
 			/* First trial and all subsequent are random. */
 			port_sys = arc4random() & ALIAS_PORT_MASK;
@@ -628,6 +639,10 @@
 		int go_ahead;
 		struct alias_link *search_result;
 
+		if ( mape_flag ){
+			port_net = htons(convertToMapE(port_sys));
+		}
+
 		search_result = FindLinkIn(la, lnk->dst_addr, lnk->alias_addr,
 		    lnk->dst_port, port_net,
 		    lnk->link_type, 0);
@@ -637,6 +652,16 @@
 		else if (!(lnk->flags & LINK_PARTIALLY_SPECIFIED)
 		    && (search_result->flags & LINK_PARTIALLY_SPECIFIED))
 			go_ahead = 1;
+		else if ( mape_flag && search_result->link_type == LINK_TCP
+				&& search_result->data.tcp->state.out != ALIAS_TCP_STATE_CONNECTED
+				&& search_result->data.tcp->state.in != ALIAS_TCP_STATE_CONNECTED
+				&& search_result->expire_time == TCP_EXPIRE_DEAD
+				&& i >= GET_NEW_PORT_MAX_ATTEMPTS 
+			){
+			DeleteLink(search_result);
+			search_result = NULL;
+			go_ahead = 1;
+		}
 		else
 			go_ahead = 0;
 
@@ -658,9 +683,14 @@
 			}
 #endif
 		}
-		port_sys = arc4random() & ALIAS_PORT_MASK;
-		port_sys += ALIAS_PORT_BASE;
-		port_net = htons(port_sys);
+		if ( mape_flag && i >= GET_NEW_PORT_MAX_ATTEMPTS ){
+			port_sys++;
+		}
+		else{
+			port_sys = arc4random() & ALIAS_PORT_MASK;
+			port_sys += ALIAS_PORT_BASE;
+			port_net = htons(port_sys);
+		}
 	}
 
 #ifdef LIBALIAS_DEBUG
Index: sys/netinet6/in6_gif.c
===================================================================
--- sys/netinet6/in6_gif.c	(revision 369447)
+++ sys/netinet6/in6_gif.c	(working copy)
@@ -324,7 +324,7 @@
 	 * it is too painful to ask for resend of inner packet, to achieve
 	 * path MTU discovery for encapsulated packets.
 	 */
-	return (ip6_output(m, 0, NULL, IPV6_MINMTU, 0, NULL, NULL));
+	return (ip6_output(m, 0, NULL, 0/*IPV6_MINMTU*/, 0, NULL, NULL));
 }
 
 static int
<-$B%Q%C%A$3$3$^$G(B









On Sat, 6 Mar 2021 05:01:44 +0900
Hiroo Ono ($B>.Ln42@8(B) <hiroo.ono+freebsd@gmail.com> wrote:

> $B>.Ln42@8$G$9!#(B
> 
> $B7kO@$+$i8@$&$H!";DG0$G$9$,(B FreeBSD $B$G$O<BMQ>eL5M}$G$9!#(B
> 
> 2021$BG/(B3$B7n(B5$BF|(B($B6b(B) 23:51 WATANABE Takeo <take@kasaneiro.jp>:
> >
> > $BEOIt$H?=$7$^$9!#(B
> >
> > $B%U%l%C%D8w%/%m%9$r7@Ls$7$F!$(B
> > JPNlE$B<R$N!V(Bv6$B%W%i%9(B $B8GDj(BIP$B%5!<%S%9!W$KBP1~$7$?(BISP(*1)$B$H7@Ls$7$F!$(B
> > FreeBSD$B$rMQ$$$F!$(Bv4 over v6 IPoE$B@\B3$K$h$k%$%s%?!<%M%C%H@\B3$r;n$_$F$$$^$9!#(B
> >
> > (*1) https://www.jpne.co.jp/service/v6plus-static/
> >
> > $B$+$J$j%M%C%H$N3$$r1K$$$@$N$G$9$,!$$3$l$H8@$C$?@h9T;vNc$N5-;v$,8+$D$+$i$:!$(B
> > $B:C@^$7$F$$$^$9!#$?$@!$(B
> >
> > https://people.allbsd.org/~hrs/FreeBSD/sato-FBSDW20170825.pdf
> >
> > $B$G$O!$!V(Bgif$B%H%s%M%k$G$OBg>fIW!W(B(p.15)$B$H$N5-:\$,$"$j!$$G$-$k$b$N$@$H?.$8$F$$$"$9!#(B
> 
> $B$=$N;qNA$K$OF1$8$/!V(BMAP-E $B$K$OHsBP1~!W$H$"$k$+$H;W$$$^$9$,!"(BV6$B%W%i%9$GDs6!$5$l$F$$$k$N$O(B
> MAP-E $BJ}<0$G$9!#(B
> $B;29M(B: https://www.slideshare.net/yuyarin/i-pv4-ipv6coexistance
> 
> https://bokut.in/note/2020/03/
> $B$K$h$l$P!"(Bpf $B$r;H$($P(B*$B0l1~(B*$BF0$/$H$3$m$^$G@_Dj2DG=$J$h$&$G$9$,!"<BMQ$K$O$J$i$J$$$h$&$G$9!#(B
> NetBSD $B$d(B OpenBSD $B$G$O$I$&$J$N$+$OJ,$+$j$^$;$s!#(B
> 
> $BBP1~:v$H$7$F$O!"(B
> (1) MAP-E $BJ}<0$KBP1~$7$F$$$k%k!<%?!<$+(B Linux $B$rMQ$$$F@_Dj$9$k(B
> (2) IPoE $BJ}<0$r<h$C$F$$$k(B ISP $B$K>h$j49$($k(B
> (3) MAP-E$BJ}<0$KBP1~$9$k$h$&!"(BFreeBSD $B$N(B NAT $B<~$j$K<j$rF~$l$k(B
> 
> $B$N$I$l$+$+$J$H;W$$$^$9!#(B
> 
> > $B$H$3$m$,!$;d$O%H%s%M%k$rD%$C$?@\B3$r9T$C$?$3$H$,$J$/!$(B
> > $B2?$r$I$N$h$&$K$7$?$i$h$$$N$+J,$+$j$^$;$s!#(B
> >
> > $B!V65$($F7/!W$K$J$C$F$7$^$$?=$7Lu$"$j$^$;$s$,!$(B
> > $B$I$J$?$+65$($FD:$1$^$;$s$G$7$g$&$+!#(B
> >
> > $B!|(BISP$B$+$i$b$i$C$F$$$k>pJs!#(B
> >
> > 1. IPv6$B%W%l%U%#%C%/%9(B          :  aaaa : bbbb :cccc : dddd : eeee : ffff : gggg : hhhh / 56
> > 2. IPv4$B%"%I%l%9(B                     :  192. 168. 100. 119 / 32
> > 3. $B%$%s%?!<%U%'!<%9(BID           :  iiiii : jjjjj : kkkk : llll
> > 4. Border Relay $B%"%I%l%9(B    :  mmmm : nnnn : oooo : pp :: 65
> >
> >
> > $B!|$&$A$N%M%C%H%o!<%/4D6-$O2<5-$N$H$*$j$G$9!#(B
> >
> >                                         +------------------+
> > 192.168.131.64/27 ------| FreeBSD Router|-----ONU----NGN$BLV(B----VNE(JPNE)----The Net
> >                           LAN1( .65 )---------LAN2($B$J$7(B)
> >
> >
> > $B!|%d%^%O$5$s$N@_Dj;vNc=8(B
> > http://www.rtpro.yamaha.co.jp/RT/docs/ipip/index.html#setting11
> >
> > $B$+$i!$(B
> >
> > LAN1$B$N%"%I%l%9$O!V(B192.168.131.65$B!W$+$D!$(B
> > $B!V(BRA$B%W%m%-%7$G<hF@$7$?%W%l%U%#%C%/%9(B) : ($B%$%s%?!<%U%'%$%9(BID) / 64$B!W$K$J$k$h$&$G$9!#(B
> >
> > # $B$&$A$N2s@~$O$R$+$jEEOCL$7@Ls$G$9!#(B
> >
> > $B$I$N$h$&$K%M%C%H%o!<%/$N@_Dj(B($B$H$/$K!$(BIPIP$B%H%s%M%k(B(gif)$B$rD%$l$P$h$$$+!$(B
> > $B$I$&$+$465<(4j$$$^$9!#(B
> >
> > $B59$7$/$*4j$$CW$7$^$9!#(B
> >
> > ---
> > $BEOIt(B $B3YO:(B(WATANABE, Takeo) / JA1CPJ
> > take@kasaneiro.jp
> > _______________________________________________
> > freebsd-users-jp@freebsd.org mailing list
> > https://lists.freebsd.org/mailman/listinfo/freebsd-users-jp
> > To unsubscribe, send any mail to "freebsd-users-jp-unsubscribe@freebsd.org"
> _______________________________________________
> freebsd-users-jp@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-users-jp
> To unsubscribe, send any mail to "freebsd-users-jp-unsubscribe@freebsd.org"

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202103121429.12CETcC6087205>

Legal Notices | © 1995-2024 The FreeBSD Project. All rights reserved.

Contact